Wish is a mobile e-commerce platform that flips traditional shopping on its head. We connect hundreds of millions of people with the widest selection of delightful, surprising, and—most importantly—affordable products delivered directly to their doors. Each day on Wish, millions of customers in more than 160 countries around the world discover new products. For our over 1 million merchant partners, anyone with a good idea and a mobile phone can instantly tap into a global market.
We're fueled by creating unique products and experiences that give people access to a new type of commerce, where all are welcome. If you’ve been searching for a supportive environment to chase your curiosity and use data to investigate the questions that matter most to you, this is the place.Job Description
The Security team is responsible for the security and integrity of the Wish platform and corporate environment which is paramount to our success. We work to secure and protect Wish’s assets such as customer or payment information, and handle potential data breaches or develop tools in partnership with other technical teams. As a Security Analyst, you will work with our team to assess risk and relative priority of security initiatives, and lead execution on those initiatives.
What you'll be doing:
Help establish security best practices across the company.
Analyze our security posture, identify gaps, and work closely with other teams to ensure strong operational security.
Lead complex security projects from design through implementation and maintenance.
Provide ongoing maintenance and improve system health and reliability of security services.
Participate in design and implementation reviews of security and infrastructure projects.
Monitor and participate in external security forums, conferences, education, etc.
Lead and mentor junior security engineers and analysts.
Provide security expertise regarding vulnerabilities, exploitation/attack scenarios, and the risk in terms of likelihood and impact.
Partner with cross functional teams to implement security controls
Able to look at vulnerability reports and understand what needs to be done to applications based on the results (determine false positives and remediation plans for application level vulnerabilities)
Stay up to date with the latest threatscape, attack vectors and countermeasures
4+ years of experience working on or with security teams
Experience with implementing 802.1x on wired and wireless networks
Knowledge of Active Directory, DNS, PKI, SAML, TLS, secret management services
Experience securing large scale, multi-site networks
Experience with secure remote access/WAN technologies (ipsec, VPN, etc)
Experience deploying web application firewalls (ideally AWS)
Experience installing security controls- for example WAFs (web application firewall)
Familiar with most common exploited CVEs and remediation methods
Competency in Linux OS.
Strong knowledge of security topics including network and application security, infrastructure hardening, security baselines, and web server / database security
Hands-on experience working in an agile security team and can point to your impact in how you’ve helped improve security posture, preparedness, or maturity.
You have a keen eye for identifying problems and opportunities in large-scale distributed organizations, and understand where and when to apply your attention to detail.
Knowledge of network-based and system-level attacks and mitigation methods
All your information will be kept confidential according to EEO guidelines.